Solving Echo problem from backdoor using Radare2
Now let’s rewrite our payload and try to make the run flow go to the test function
We found that we need another jump after 62 bits which is the same offset as the first time, So we will inject sample fuction address after the test function ‘0x0804856b’
Can you see the
dummy_flag? :D Wohoo WE DID IT!!!